Versions Compared

Old Version 50

changes.mady.by.user Chandresh Patel

Saved on

compared with

New Version 51

changes.mady.by.user Chandresh Patel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Field Name

Required

Description

Endpoint Name

Yes

The name of the Endpoint.

Description

No

An optional description for the Endpoint.

Active

Yes

Whether or not the endpoint is active in the system. Defaults to "Yes".

Connection Type

Yes

The connection type used for connection to the Endpoint.

Supports:

  • localhost
  • Unix - SSH
  • WIndows - SSH     Supported on Windows Server 2019 where native OpenSSH is available.
  • Windows - SSH (Cygwin)     See the Cygwin Installation Guide for more information.
Endpoint Details

Endpoint Address

Yes

The DNS name or IP address of the Endpoint.

Port

Yes

The SSH port of the Endpoint (typically port 22).

Base DirectoryYes

A working directory on the Endpoint used by FlexDeploy. ~ is not supported here. For See Permissions information below for details on how to create this folder automatically (Recommended).

For example, /app/flexdeploy.

If you have two FlexDeploy installations that may connect to same Endpoint, you must use unique folders for both FlexDeploy Servers. In most cases, separate FlexDeploy is installed to perform testing of FlexDeploy patches, which may connect to same Endpoint, in which case you can use different folder like /app/flexdeploytest and /app/flexdeploy.

Working directory under /var/tmp or /tmp folder is not recommended as administrators generally have cron jobs to purge files based on age and that will cause issues when plugin files are deleted. For example, Error: Could not find or load main class flexagon.fd.core.plugin.ExternalPluginServer will be encountered when plugin lib files are deleted.

JDK HomeYesThe JDK Home directory on the Endpoint. For example, /usr. FlexDeploy will look for /bin/java under specified JDK Home folder. Not required if the Endpoint is a Docker Host.
Source

Permissions

  • Base directory must be owned by User Name or Run As(if using sudo) and it's group.
  • Ideal option is to point base directory where User Name or Run As(if using sudo) has access to create sub-folder. In such case, FlexDeploy will automatically create folder with necessary permissions.
  • Permissions required are 755. Keep in mind that FlexDeploy may temporarily change permissions specifically when using Run As option.
  • When using Run As, Base Directory is owned by Run As and there is subfolder name scratch owned by User Name. You do not need to worry about this, just let FlexDeploy create these folders automatically. This is documented here only for informational purposes.
JDK HomeYesThe JDK Home directory on the Endpoint. For example, /usr. FlexDeploy will look for /bin/java under specified JDK Home folder. Not required if the Endpoint is a Docker Host.
Source Script No

An optional script executed right before plugins are executed on the endpoint. Script can source some other environment script as well. Script should Unix shell or Windows bat commands depending on type of Endpoint. If using Windows Cygwin SSH then script should be written as Unix shell.

Run As (sudo)No

An optional user to run as (using sudo) after establishing connection to the endpoint when working with Unix OS.

  • Add sudoers rule, such that User Name can sudo to Run As user without prompting for a password.
  • Test by executing the following from FlexDeploy server terminal, connected as User Name: “sudo -u <run as user> bash -c whoami”.  Output should be the name of the Run As user without prompting for a password.
    • After completing endpoint configuration, click “Test Connection” on the Endpoint.

    Some usages of this script include sourcing an environment file (. $HOME/mfile.env)  or exporting a variable (export FLEXAGON_FD_PLUGIN_JAVA_ARGS="-Xmx1024m -Djava.io.tmpdir=/var/tmp"). Variables exported here will become available to plugin executions on this endpoint.

    		Authentication
    Authentication TypeYes

    Mechanism to use for authentication.  The Password, Private Key File, and Passphrase are displayed based on selected type.

    Supports:

    • Username and Password
    • Username and SSH Key
    • Username and SSH Key with Passphrase

    User Name

    Yes

    The user account on the Endpoint to connect with. All executions via this endpoint will run as this user.

    Password

    No

    The password for the User Name. Either password or Private Key File is required.

    Private Key File

    No

    Fully-qualified path of the SSH private key file on FlexDeploy server. Either Private Key File or Password is required. ~ is not supported here.

    Passphrase

    No

    An optional passphrase used when the private key was generated. Only valid if a Private Key File is specified.

    tmp"). Variables exported here will become available to plugin executions on this endpoint.

    Authentication

    Authentication TypeYes

    Mechanism to use for authentication.  The Password, Private Key File, and Passphrase are displayed based on selected type.

    Supports:

    • Username and Password
    • Username and SSH Key
    • Username and SSH Key with Passphrase

    User Name

    Yes

    The user account on the Endpoint to connect with. All executions via this endpoint will run as this user.

    Password

    No

    The password for the User Name. Either password or Private Key File is required.

    Private Key File

    No

    Fully-qualified path of the SSH private key file on FlexDeploy server. Either Private Key File or Password is required. ~ is not supported here.

    Passphrase

    No

    An optional passphrase used when the private key was generated. Only valid if a Private Key File is specified.

    Run As (sudo)No

    An optional user to run as (using sudo) after establishing connection to the endpoint when working with Unix OS.

    • Add sudoers rule, such that User Name can sudo to Run As user without prompting for a password.
    • Test by executing the following from FlexDeploy server terminal, connected as User Name: “sudo -u <run as user> bash -c whoami”.  Output should be the name of the Run As user without prompting for a password.
    • After completing endpoint configuration, click “Test Connection” on the Endpoint.

    If there is a need to adjust sudo commands, then it can be done by setting up description value like shown below. Please consult with Flexagon support if questions on this topic.

    Code Block
    sudoPrefix:sudo su - 
sudoSuffix:bash -c

    Note that there is space at the end of each line. Both prefix and suffix should be on it's own line in Description input. In this example, FlexDeploy will run sudo as per this example command: “sudo su - <run as user> bash -c whoami

    Container Details



    Docker HostYesWhether or not the endpoint is capable of running Docker containers
    K8s ClusterNoWhether or not the endpoint can run Docker containers on a K8s cluster
    K8s ContextNoName of the configured K8s context



    GroupNoAn optional group identifier which can be useful when searching for Endpoints.
    SubgroupNoAn optional subgroup identifier which can be useful when searching for Endpoints.

    ...

    To inactivate an endpoint click the Active link on the desired Endpoint, and it will toggle to Inactive. This will hide that Endpoint after leaving the screen, until the Active checkbox is unchecked. To reactivate an Enpoint, click the Inactive link and it will toggle back to Active. This endpoint is now active in the system again and ready for use.

    ...

    Supported Algorithms for SSH

    Tip

    We focus mostly on use of RSA keys for SSH, which is more prevalent with customers as well.

    Include Page
    Supported Algorithms for SSH
    Supported Algorithms for SSH

    ...

    If you do not already have SSH keys generated for the host where FlexDeploy is installed, login (or switch user) as the user which FlexDeploy runs as, and run the following OpenSSH command.

    Tip

    We focus mostly on use of RSA keys for SSH, which is more prevalent with customers as well.

    • ssh-keygen -t <rsa | dsa> ** where rsa or dsa is the encryption algorithm you wish to use. For example,

    ...

    It is typical to use the default file name and location to store the private key (which is in the .ssh subfolder of the user's home directory). You can optionally secure the private key file with a passphrase. It is an SSH requirement that the private key be readable only by its owner (e.g. oracle in the example above). So you must change the permissions accordingly (e.g. chmod 600 /home/oracle/.ssh/id_rsa). You will receive an error at connection time similar to the following if you omit this step.

    Permissions 0777 for '/home/oracle/.ssh/id_rsa' are too open.

    It is recommended that your private key files are NOT accessible by others otherwise private key will be ignored.

    Tip

    The /home/oracle/.ssh folder on the endpoint must have drw------- permissions. For example,

    • chmod -R 700 $HOME/.ssh
    • chmod 700 $HOME

    ...